The default can be changed inside the config file caCert.profile located somewhere (/var/lib/rhpki-ca/conf ???).

The line reads 2.default.param.range=720 which you can change and then restart your CA.

I used RedHat CA and not the dogtag version therefore the path and field names may differ from what I quoted.

From: Julius Adewumi
@GDC4S.com

From: pki-users-bounces@redhat.com [mailto:pki-users-bounces@redhat.com] On Behalf Of Uzor Ide
Sent: Monday, January 11, 2010 5:07 PM
To: pki-users@redhat.com
Subject: [Pki-users] CA Validity

Hi All

Am new to the Dogtag Cert server. Am testing it out for my company.
Please I need direction on how to change the number of years of validity for the Security Domain Certificate Authority Certificate.
After the installation and setup I found the CA Signing Certificate has only 2 years validity.
Even after trying to change it through the profile and re-running the setup I still ended up with 720 days certificate.

Can anybody help and point me in the right the direction.

Thanks in advance for your help.

Ide